Cybercrime is a lucrative underground business, so it’s no surprise to hear about cybercriminals diversifying their techniques to carry out their malicious intents. One of these alternative tactics is soundsquatting, another form of website domain squatting, wherein a popular website domain or URL is spoofed by using homophones rather than typographical errors. Homophones are words that sound alike but differ in spelling and meaning.
While currently not as popular as typosquatting, soundsquatting can lead to the same serious threats: web traffic theft, affiliate scams, phishing attacks, as well as leading visitors of the targeted domain to malicious websites (which, in turn, can cause malware to be downloaded and installed onto systems). It can also make a particular subset of users, namely, those who rely on assistive technologies to go about their digital lives (e.g., the visually impaired), vulnerable to these threats. We looked deeply into this topic to understand what soundsquatting is and see its potential impact in the online security landscape.
Our foray into the core of soundsquatting sought to shed light on several premises, such as the following:
We attempted to answer these through extensive research and through our own soundsquatting domain generator equipped with rules that cybercriminals would plausibly apply. We also utilized Alexa.com’s list of top 10,000 websites as a list of potential soundsquatting targets. The results are as follows.
More details about our results and findings on soundsquatting can be viewed in the full research paper, “Soundsquatting: Uncovering the Use of Homophones in Domain Squatting”.
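Brand owners can apply the same homophone idea defensively when reviewing newly observed domains. The sketch below is an added example, not code from the research paper or its domain generator: it flags observed domains whose first label differs from a protected domain only by homophone swaps. The homophone table, function names and `.example` domains are constructed for illustration.

```python
# Constructed homophone table; a real monitor would load a full homophone list.
HOMOPHONE_SETS = [
    {"weather", "whether"},
    {"guest", "guessed"},
    {"four", "for", "fore"},
    {"eight", "ate"},
    {"mail", "male"},
    {"sale", "sail"},
]

# Map every word to one canonical representative of its sound class.
CANON = {w: min(s) for s in HOMOPHONE_SETS for w in s}
WORDS_BY_LEN = sorted(CANON, key=len, reverse=True)  # try longest words first


def split_domain(domain):
    """Return (first label, remaining suffix), ignoring case and a 'www.' prefix."""
    host = domain.lower().strip().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    label, _, suffix = host.partition(".")
    return label, suffix


def sound_key(label):
    """Replace each homophone found in the label with its canonical form."""
    out, i = [], 0
    while i < len(label):
        for word in WORDS_BY_LEN:
            if label.startswith(word, i):
                out.append(CANON[word])
                i += len(word)
                break
        else:  # no homophone starts here: keep the character as-is
            out.append(label[i])
            i += 1
    return "".join(out)


def find_soundsquats(protected, observed):
    """Return (observed, protected) pairs that sound alike but are spelled differently."""
    index = {}
    for dom in protected:
        label, suffix = split_domain(dom)
        index[(sound_key(label), suffix)] = (dom, label)
    hits = []
    for dom in observed:
        label, suffix = split_domain(dom)
        match = index.get((sound_key(label), suffix))
        if match and match[1] != label:  # same sound key, different spelling
            hits.append((dom, match[0]))
    return hits
```

The greedy longest-match scan can also pair labels where a homophone appears inside a longer word, so hits are candidates for analyst review rather than confirmed squats. Matching is limited to the same suffix; dropping the suffix from the index key widens it to other TLDs.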